Lab 1 : Introduction to Network Security

Questions 1.1 What is the OSI security architecture? Answer: OSI security architecture defines such as systematic approach. It can be used as a way of organizing the task of providing security.OSI security architecture was developed as an international standard, and it focuses on security attack, mechanism, and services. Security attack: any action that compromise the security of information owned by organization. Security mechanism: it is a process that is designed to detect, recover from a security attack. And it is a method which is used to protect your message from unauthorized entry. Security services: it is the service used to implement implemented by security mechanism. 1.2 What is the difference between passive and active security threats? 1.3 List and briefly define categories of passive and active security attacks. 1.4 List and briefly define categories of security services. 1.5 List and briefly define categories of security mechanisms. security policies and

Problems

1.1 Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system. In each case, indicate the degree of importance of the requirement. 1.2 Repeat Problem 1.1 for a telephone switching system that routes calls through a switching network based on the telephone number requested by the caller. 1.3 Consider a desktop publishing system used to produce documents for various organizations. a. Give an example of a type of publication for which confidentiality of the stored data is the most important requirement. b. Give an example of a type of publication in which data integrity is the most important requirement. c. Give an example in which system availability is the most important requirement.

1.4 For each of the following assets, assign a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers. a. An organization managing public information on its Web server. b. A law-enforcement organization managing extremely sensitive investigative information. c. A financial organization managing routine administrative information (not privacy-related information). d. An information system used for large acquisitions in a contracting organization that contains both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole. e. A power plant contains a SCADA (supervisory control and data acquisition) system controlling the distribution of electric power for a large military installation. The SCADA system contains both real-time sensor data and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole. 1.5 Draw a matrix similar to Table 1.4 that shows the relationship between security services and attacks. 1.6 Draw a matrix similar to Table 1.4 that shows the relationship between security mechanisms and attacks. Table 1.4 Relationship Between Security Services and Mechanisms